Anchore Introduces the First SBOM-Powered Software Supply Chain Management Platform
Major new release will help enterprises with continuous visibility and security for their software supply chains
Today Anchore introduced the first software supply chain management solution built with the software bill of materials (SBOM) at the heart of the platform. This major new release of Anchore Enterprise expands continuous security capabilities to identify upstream dependencies in source code repositories and monitor for SBOM drift that can indicate malware or compromised software.
According to the Gartner® Innovation Insight for SBOMs report, software engineering leaders “must integrate SBOMs into their DevSecOps pipelines to perform three tasks:
- Automatically generate SBOMs for all software produced;
- Automatically verify SBOMs for software consumed (both open source and proprietary);
- Use SBOM data to continuously assess security and compliance risks (before and after deployment).”*
The Anchore Enterprise 4.0 release provides an end-to-end approach by enabling customers to generate and analyze SBOMs across all the steps in the development lifecycle in order to identify and remediate security risks, including vulnerabilities, malware, misconfigurations, and secrets. It also includes the ability to continuously monitor software applications for new or zero-day vulnerabilities that arise post-deployment and to share each application’s SBOM with downstream users.
“Unlike traditional security scanning tools, the SBOM-powered approach of Anchore Enterprise delivers the most comprehensive visibility into the software supply chain,” said Neil Levine, vice president of product at Anchore. “By storing SBOMs from each build and each step in the development process, Anchore creates a comprehensive SBOM repository that has the ability to track SBOM drift — a critical foundation for securing the software supply chain. Anchore Enterprise 4.0 also delivers automation in a way that reduces developer friction by embedding security checks into existing development toolchains to optimize velocity.”
Anchore Enterprise Key Capabilities Include:
Track the Security Profile of Open Source Dependencies
Anchore Enterprise 4.0 extends scanning for dependencies to include source code repositories in addition to existing support for container scanning through CI/CD, registries, or Kubernetes. Users can generate comprehensive SBOMs that include both direct and transitive dependencies from source code repositories to pinpoint relevant open source vulnerabilities and enforce policy rules.
Track SBOM Drift to Detect Suspicious Activity
This innovative capability detects SBOM drift in the build process, issuing an alert for changes in SBOMs so they can be assessed for risk, malware, compromised software, or malicious activity. With SBOM drift detection, security teams can set policy rule alerts when components are added, changed, or removed so that they can quickly identify new vulnerabilities, developer errors, or malicious efforts to infiltrate builds.
End-to-End SBOM Management
Comprehensive SBOM management reduces risk and increases transparency in software supply chains. Anchore automatically generates and analyzes comprehensive SBOMs at each step of the development lifecycle. SBOMs are the foundational element and are stored in a repository to provide visibility into components, dependencies, and continuous vulnerability monitoring, even post-deployment.
Additionally, users can meet customer or federal compliance requirements such as those described in the Executive Order On Improving the Nation’s Cybersecurity by producing application-level SBOMs to be shared with downstream users.
Gain an Application-Level View of Software Supply Chain Risk
Securing the software supply chain requires visibility into risk for each and every application. Now users can tag and group all of the artifacts associated with a particular application, release, or service. This enables users to report on vulnerabilities and risks at an application level and monitor each application release for new vulnerabilities that arise. In the case of a new vulnerability or zero-day, users can quickly identify impacted applications solely from the SBOM repository and respond to protect and remediate those applications.